In the past year, AI agents have gradually moved from technology demonstrations to real commercial scenarios. With the explosion of various “lobsters,” more and more AI products have begun to possess the ability to autonomously complete tasks: they can search for information, call tools, connect services, and even represent users to complete complex workflows. As noted by Emily Glassberg Sands, the global head of data and AI at Stripe, AI is evolving from a tool to a new type of economic participant in the internet—agents are no longer just generating content but are starting to take on the roles of buyer or even dominate transactions. However, this new model also breeds new problems—token theft. Emily emphasizes that this may be one of the most underestimated issues in the current AI industry.
A New Type of Theft in the AI Era: What is Targeted is Not Money, But Tokens
In the traditional internet era, the ultimate goal of black and gray production was often to steal users' credit card information for illegal cashing out. But for many AI companies today, the attackers' targets have shifted: they are no longer coveting the balance in accounts, but rather the expensive underlying reasoning resources, model capabilities, and token quotas. Related fraudulent methods usually come in two forms: one is the abuse of free trial limits, meaning repeatedly claiming new user benefits; the second is account abuse, which involves bulk registering fake accounts to amplify profits. According to official data from Stripe, the cases of free trial abuse among AI services running on Stripe have surged more than double within six months, and 1 in every 6 registration attempts comes from malicious activity.
Emily Glassberg Sands, global head of data and AI at Stripe, shares data on malicious registration attempts
Unlike traditional SaaS companies, as agents begin to participate in transactions and execute tasks, the damage caused by token theft will be further amplified. The core reason is that the consumption rate of computational resources by agents far exceeds that of real users—one malicious script can consume token costs that would normally take weeks to accrue within hours. If attackers can use automated tools to continuously create new accounts, crazily drain free token quotas, and “disappear” before real bills are generated, then the losses for AI companies will not just be idle server resources, but real cash flow and profit margins. Stripe has observed that AI companies account for the largest share of the growing trend of free trial abuse: compared to SaaS companies, AI startups that offer self-registration and open APIs face abuse situations that are 10 times higher.
AI startups that offer self-registration and open APIs face significantly higher instances of free trial abuse than enterprise-level AI solutions
This risk is equally fatal for Chinese AI companies that are actively planning globalization: in recent years, AI entrepreneurs and overseas teams with a natural global route have been most concerned with model capabilities and global user base growth. However, as more and more companies begin to adopt free trials, pay-per-use, and agent services models, how to prevent malicious behaviors such as token abuse and resource theft has become a challenge that must be directly faced in the commercialization process. In the global market environment, attacks often manifest as automated networks across regions, identities, and payment methods, which are much more complex than traditional credit card fraud. If preventative measures are not taken at the initial design stage, the globalization efforts of businesses can easily fall into a situation where “growth equals bleeding."
As Fraud Targets Shift from Funds to Resources, Risk Control Must Upgrade
To respond to the continuously evolving methods of fraud, Stripe's anti-fraud product Radar has undergone the largest upgrade in its history. This upgrade is not simply the addition of a few more rules but involves establishing a new risk control system that is genuinely applicable to the agent economy from the ground up. The feedback from data is very intuitive: within just one month, Stripe Radar successfully intercepted over 3.3 million high-risk registration attempts for eight AI companies that are in a phase of high growth.
In product design, Radar first moves the defense line forward, starting to identify multi-account abuse behaviors from the account creation stage. The system combines real-time historical risk signals such as device fingerprints, IP addresses, and email domains stored in Stripe's global network to assess every new registration account in real-time. Potential abuse risks are blocked before the free quota is consumed. The well-known voice AI company ElevenLabs uses this proactive capability to accurately intercept about 2,000 fake accounts trying to abuse free packages each day, greatly protecting the company's core computational resources.
Secondly, in response to the prevalent usage of “pay-per-use” scenarios in the AI industry, Radar has added the capacity to predict malicious debt risks. Previously, companies could only discover fraudsters who were “eating without paying” when the monthly bill became overdue; now, the system can assess whether a user may have a chargeback risk during the ongoing consumption of resources. Once an anomaly is detected, the enterprise can automatically trigger pre-recharge requests, dynamically lower concurrent request limits, or directly suspend service interfaces, thereby minimizing losses.
Additionally, as agentic commerce accelerates its penetration, Stripe has begun trying to establish more refined risk indicators to distinguish authorized agents from malicious “coupon collectors.” Radar generates risk scores for machine trading behaviors, helping companies identify malicious actions that attempt to exploit automation to snatch resources, abuse promotional policies, or circumvent trading rules.
Looking at the evolutionary context of AI, the biggest change brought by agents may not be in how many complex tasks they can complete for humans but in how machines themselves begin to autonomously consume resources, create commercial value, and even directly participate in and dominate transactions. As agents start to participate in or even construct a transaction, risks inevitably shift accordingly.
From stealing funds to stealing resources, from traditional payment fraud to hidden token theft, the AI era is reconstructing underlying business rules. For AI companies caught in the eye of the global competition storm, understanding how to utilize the next generation of risk control infrastructure to defend these rules has become as important as exploring the boundaries of AI technology. Stripe, leveraging its vast global operation scale and ongoing observation and investment in AI, is safeguarding the long-term growth of global companies in the AI era.
About Stripe
Stripe provides programmable financial services to over tens of millions of businesses globally. Tens of millions of companies rely on Stripe to establish online and offline payment channels, integrate financial services into their platforms, build innovative and flexible revenue models, and develop more profitable businesses.
Stripe is headquartered in San Francisco and Dublin, processing over $19 trillion in payments annually, equivalent to 1.6% of global GDP. Stripe's users include almost all leading AI companies, 90% of the Dow Jones Industrial Average companies, and 86% of the companies listed on the Forbes AI 50 list.
With its vast global operation scale and continuous investment in R&D (especially in AI and blockchain), Stripe is accelerating the application of cutting-edge technologies in the global economy.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
